In PHP, filters provide a convenient and secure way to validate and sanitize external input, such as user input from forms, and they can be applied to data from various sources. Here's an overview of how to use PHP filters:
There are two main functions for using filters in PHP:
Validation Filters:
Sanitization Filters:
Single Variable:
$email = "john.doe@example.com";
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid email address.";
} else {
    echo "Invalid email address.";
}
Single Variable with Options:
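$number = "123";
$options = array(
    'options' => array(
        'min_range' => 1,
        'max_range' => 100
    )
);
// Compare against false explicitly; a truthiness check would reject a valid 0 if the range allowed it.
if (filter_var($number, FILTER_VALIDATE_INT, $options) !== false) {
    echo "Valid number.";
} else {
    echo "Invalid number.";
}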
Multiple Variables:
$data = array(
    'email' => "john.doe@example.com",
    'age' => "30",
    'url' => "https://example.com"
);
$filters = array(
    'email' => FILTER_VALIDATE_EMAIL,
    'age' => array(
        'filter' => FILTER_VALIDATE_INT,
        'options' => array(
            'min_range' => 1,
            'max_range' => 120
        )
    ),
    'url' => FILTER_VALIDATE_URL
);
$result = filter_var_array($data, $filters);
if ($result['email'] === false) {
    echo "Invalid email.";
}
if ($result['age'] === false) {
    echo "Invalid age.";
}
if ($result['url'] === false) {
    echo "Invalid URL.";
}
Let's say you have a form with three input fields: email, age, and URL. Here's how you can use filters to validate and sanitize the form data:
HTML Form (form.html):
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Form with Filters</title>
</head>
<body>
    <h2>Form with Filters</h2>
    <form action="process_form.php" method="post">
        Email: <input type="text" name="email"><br>
        Age: <input type="text" name="age"><br>
        URL: <input type="text" name="url"><br>
        <input type="submit" value="Submit">
    </form>
</body>
</html>
PHP to Process Form (process_form.php):
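<?php
// filter_var_array() reads the fields from $_POST directly, so no separate
// copies of the raw values are needed.
$filters = array(
    'email' => FILTER_VALIDATE_EMAIL,
    'age' => array(
        'filter' => FILTER_VALIDATE_INT,
        'options' => array(
            'min_range' => 1,
            'max_range' => 120
        )
    ),
    'url' => FILTER_VALIDATE_URL
);
$result = filter_var_array($_POST, $filters);
// A field that fails validation is false; a field missing from the request is null.
// Validated strings are still escaped with htmlspecialchars() before being echoed into HTML.
if ($result['email'] === false || $result['email'] === null) {
    echo "Invalid email.<br>";
} else {
    echo "Email: " . htmlspecialchars($result['email'], ENT_QUOTES, 'UTF-8') . "<br>";
}
if ($result['age'] === false || $result['age'] === null) {
    echo "Invalid age.<br>";
} else {
    // The validated age is an integer, so it can be printed as is.
    echo "Age: " . $result['age'] . "<br>";
}
if ($result['url'] === false || $result['url'] === null) {
    echo "Invalid URL.<br>";
} else {
    echo "URL: " . htmlspecialchars($result['url'], ENT_QUOTES, 'UTF-8') . "<br>";
}
?>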
The HTML form (form.html) sends the form data to process_form.php using the POST method.
process_form.php retrieves the form data using $_POST.
The filter_var_array() function is used to filter the input data according to the specified filters.
Each input is validated with its corresponding filter, and if it fails validation, an error message is displayed.
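A stricter take on the form processing above, added here as an example and not part of the original page: the hypothetical helper validate_form() separates missing fields (null) from invalid ones (false), limits URLs to http and https because FILTER_VALIDATE_URL accepts other schemes, and escapes values when they are printed. The sample submissions are constructed.

```php
<?php
// Added example; validate_form() is a hypothetical helper, not the page's code.
function validate_form(array $input): array
{
    $filters = [
        'email' => FILTER_VALIDATE_EMAIL,
        'age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 1, 'max_range' => 120],
        ],
        'url'   => FILTER_VALIDATE_URL,
    ];
    // add_empty = true (the default): absent keys become null, failed values false.
    $result = filter_var_array($input, $filters, true);
    $values = $errors = [];
    foreach (array_keys($filters) as $field) {
        $value = $result[$field] ?? null;
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'invalid';
        } else {
            $values[$field] = $value;
        }
    }
    // FILTER_VALIDATE_URL checks syntax only, so allow-list the scheme.
    if (isset($values['url'])) {
        $scheme = strtolower((string) parse_url($values['url'], PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $errors['url'] = 'scheme not allowed';
            unset($values['url']);
        }
    }
    return ['values' => $values, 'errors' => $errors];
}
// Constructed sample submissions (not real data).
$samples = [
    ['email' => 'john.doe@example.com', 'age' => '30', 'url' => 'https://example.com/?a=1&b=2'],
    ['email' => 'john.doe@example.com', 'age' => '0', 'url' => 'ftp://example.com/file'],
    ['email' => 'not-an-email', 'url' => 'https://example.com'],
];
foreach ($samples as $post) {
    $checked = validate_form($post);
    foreach ($checked['values'] as $field => $value) {
        // Escape at output time: a validated value is not HTML-safe.
        echo $field, ': ', htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'), "\n";
    }
    echo 'rejected: ', json_encode($checked['errors']), "\n";
}
```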
Using PHP filters helps ensure that the data you receive from users is in the expected format and reduces the risk of security vulnerabilities caused by malformed or malicious data.